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DETAILED ACTION 

1 . In view of the Appeal Brief filed on 12/1/2006, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.1 1 1 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed by an 
appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee 
can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have 
been increased since they were previously paid, then appellant must pay the difference between 
the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing 

below. 

Response to Arguments 

2. In response to communications filed on 12/1/2006, the following claims 107-147 and 
165-181 are presented for examination. 

2.1 In response to communications filed on 12/1/2006, the 1 12 rejection has been withdrawn. 
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2.2 Applicant's arguments, filed in the appeal brief on 12/1/2006 have been fully considered 
but they are not moot in view of a new ground of rejection. 

Claim Rejections - 35 USC § 103 
3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

Claims 107-115, 131-139, and 165-173 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent 6,064,671 to Killian in view of US Patent 6,643,701 to Aziz et al. 

As per claim 107, Killian discloses a method comprising: providing a plurality of 
sockets in a socket table or array, wherein each socket normally represents a connection (i.e. has 
an associated connection) and each socket has an associated network port and network IP address 
(see column 14, lines 52-64 and column 15, lines 60-67 and column 5, lines 15-22) that meets 
the recitation of providing a plurality of sockets, wherein each socket has an associated 
connection and an associated security token (network address); 
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Killian discloses the network address is provided by the associated connection (see 
column 6, lines 31-36 and lines 41-50) that meets the recitation of the associated security token 
is provided by the associated connection; 

Killian also discloses receiving an outgoing message having a network address (see 
column 7, line 65 through column 8, line 2) and the message is associated with a connection (see 
column 29, lines 41-42), the message is also associated with a socket (see column 28, lines 26- 
27), that meets the recitation of receiving a first connection and a first security token; 

Killian further discloses creating a socket and each socket has an associated connection 
(see column 14, lines 60-64 and column 5, lines 15-33) that meets the recitation of creating a 
socket associated with the first connection, 

wherein the first connection has associated the first security token (network address) (see 
column 14, lines 60-64 and column 5, lines 15-33); 

Killian further discloses comparing the network address with the associated network 
addresses for a match in the socket table (see column 16, lines 6-12) that meets the recitation of 
comparing the first security token with the associated security tokens; 

in response to said comparing if none of the associated security tokens match the first 
security token (see column 16, lines 17-20), including the socket in the plurality of sockets (see 
column 16, lines 25-28). 

Although Killian s disclosure referring to message is interpreted as a connection, it is 
obvious to one of ordinary skill in the art that the message is directed to a connection as 
explained above because it is associated with socket and as disclosed also in column 5, lines 52- 
60, the message is transmitted over a connection. It would have been obvious to one of ordinary 
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skill in the art at the time the invention was made to use the disclosure of Killian of routing 
message to route connection between physical networks for internetworking (see column 1 , lines 
45-65). Aziz et al in an analogous art teaches end to end security link by creating a first end-to- 
end security link between the first computer and a third computer and creating a second end-to- 
end security link between the second computer and the third computer to establish the secure 
connection (see column 3, lines 35-56 and column 7, line 56 through column 8, line 5). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Killian and Aziz et al to create two separate connections at each end 
system to provide an application-specific authentication and link them to establish a secure 
connection between two end systems when messages are exchanged between computers. 

As per claim 108, the references as combined above disclose the limitation of wherein 
the security token is one of a password, a network address, and a verification string (see Killian 
column 14, lines 52-64). 

As per claim 109, Killian discloses in response to said comparing when a match occurs 
coupling an end point of the first connection to a network interface or to a machine which has a 
connection to the network at a remote location (see column 19, lines 4-7 and column 28, lines 
38-46). Aziz et al discloses linking an end point of a first connection to an end point of a 
second connection in response to authentication (see column 7, line 49 through column 8, line 5), 
the authentication may include an authentication token such as password (see column 2, lines 10- 
15). Claim 109 is rejected on the same rationale as the rejection of claim 107. 
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As per claim 110, the references as combined above disclose the limitation of in 
response to said comparing, if none of the associated security tokens match the first security 
token, upon a determination that the first connection is not to be associated with a socket, 
disconnecting the first connection (see Killian column 22, lines 43-47). 

As per claim 111, the references as combined above disclose wherein the coupling the 
first connection to the connection associated with the socket comprises: relaying a data stream 
between the first connection and the connection associated with the socket (see Killian, column 
28, lines 38-46) and (see Aziz et al, column 7, line 49 through column 8, line 5). 

As per claim 112, the references as combined above disclose wherein the coupling the 
first connection to the connection associated with the socket comprises: creating a single 
connection comprising the first connection and the connection associated with the socket (see 
Killian, column 19, lines 4-7 and column 28, lines 38-46) and (see Aziz et al, column 7, line 65 
through column 8, line 1). 



As per claim 113, the references as combined above disclose decoupling the first 
connection and the connection associated with the socket (see Killian, column 22, lines 30-42). 
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As per claim 114, the references as combined above disclose the decoupling occurs upon 
one of failure and disconnect of one of the first connection and the connection associated with 
the socket (see Killian, column 22, lines 42-47). 

y As per claim 115, the references as combined above disclose wherein the first 
connection is transmitted through a first firewall program (see Killian, column 24, lines 48-59). 

As per claim 131, Killian discloses an apparatus comprising: figures 8 and 13 for 
instance show computer systems for performing the claimed method of claim 1 comprising 
means for providing a plurality of sockets in a socket table or array, wherein each socket 
normally represents a connection (i.e. has an associated connection) and each socket has an 
associated network port and network IP address (see column 14, lines 52-64 and column 15, 
lines 60-67 and column 5, lines 15-22) that meets the recitation of means for providing a 
plurality of sockets, wherein each socket has an associated connection and an associated 
security token (network address); 

Killian discloses the network address is provided by the associated connection (see 
column 6, lines 31-36 and lines 41-50) that meets the recitation of the associated security token 
is provided by the associated connection', 

Killian also discloses end system and router (computer system) including means for 
receiving an outgoing message having a network address (see column 7, line 65 through column 
8, line 2 and figs. 3-5) and the message is associated with a connection (see column 29, lines 41- 
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42), the message is also associated with a socket (see column 28, lines 26-27), that meets the 
recitation of means for receiving a first connection and a first security token; 

Killian further discloses computer system with means for creating a socket and each 
socket has an associated connection (see column 14, lines 60-64 and column 5, lines 15-33 and 
fig. 3 and fig. 13) that meets the recitation of means for creating a socket associated with the first 
connection, 

wherein the first connection has associated the first security token (network address) (see 
column 14, lines 60-64 and column 5, lines 15-33); 

Killian further discloses means for comparing the network address with the associated 
network addresses for a match in the socket table (see column 16, lines 6-12 and fig. 3) that 
meets the recitation of means for comparing the first security token with the associated security 
tokens; 

in response to said comparing if none of the associated security tokens match the first 
security token (see column 16, lines 17-20), means for including the socket in the plurality of 
sockets (see column 16, lines 25-28). 

Although Killian's disclosure referring to message is interpreted as a connection, it is 
obvious to one of ordinary skill in the art that the message is directed to a connection as 
explained above because it is associated with socket and as disclosed also in column 5, lines 52- 
60, the message is transmitted over a connection. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to use the disclosure of Killian of routing 
message to route connection between physical networks for internetworking (see column 1, lines 
45-65). Aziz et al in an analogous art teaches end to end security link by creating a first end-to- 
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end security link between the first computer and a third computer and creating a second end-to- 
end security link between the second computer and the third computer to establish the secure 
connection (see column 3, lines 35-56 and column 7, line 56 through column 8, line 5). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Killian and Aziz et al to create two separate connections at each end 
system to provide an application-specific authentication and link them to establish a secure 
connection between two end systems when messages are exchanged between computers. 

As per claim 132, the references as combined above disclose the limitation of wherein 
the security token is one of a password, a network address, and a verification string (see Killian 
column 14, lines 52-64). 

As per claim 133, Killian discloses in response to said comparing when a match occurs 
coupling an end point of the first connection to a network interface or to a machine which has a 
connection to the network at a remote location (see column 19, lines 4-7 and column 28, lines 
38-46). Aziz et al discloses a relay (220 and 440, figures 2 and 4) having means for linking an 
end point of a first connection to an end point of a second connection in response to 
authentication (see column 7, line 49 through column 8, line 5), the authentication may include 
an authentication token such as password (see column 2, lines 10-15). Claim 133 is rejected on 
the same rationale as the rejection of claim 131. 
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As per claim 134, the references as combined above disclose the limitation of in 
response to said comparing, if none of the associated security tokens match the first security 
token, upon a determination that the first connection is not to be associated with a socket, means 
for disconnecting the first connection (see Killian column 22, lines 43-47). 

As per claim 135, the references as combined above disclose wherein the coupling the 
first connection to the connection associated with the socket comprises: means for relaying a data 
stream between the first connection and the connection associated with the socket (see Killian, 
column 28, lines 38-46) and (see Aziz et al, column 7, line 49 through column 8, line 5). 

As per claim 136, the references as combined above disclose wherein the coupling the 
first connection to the connection associated with the socket comprises: computer system such as 
the one shown in fig. 13 with means for creating a single connection comprising the first 
connection and the connection associated with the socket (see Killian, column 19, lines 4-7 and 
column 28, lines 38-46) and (see Aziz et al, column 7, line 65 through column 8, line 1). 

As per claim 137, the references as combined above disclose means for decoupling the 
first connection and the connection associated with the socket (see Killian, column 22, lines 30- 
42 and fig. 13,90B). 
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As per claim 138, the references as combined above disclose the decoupling occurs upon 
one of failure and disconnect of one of the first connection and the connection associated with 
the socket (see Killian, column 22, lines 42-47). 

As per claim 139, the references as combined above disclose wherein the first 
connection is transmitted through a first firewall program (see Killian, column 24, lines 48-59). 

As per claim 165, claim 165 discloses the same limitations as claim 107 except for 
incorporating the claimed method into a computer program. Killian discloses the computer 
systems include applications for performing the invention (see column 14, lines 44-64). 
Therefore, claim 165 is rejected on the same rationale as the rejection of claim 107, 

As per claim 166, the references as combined above disclose the limitation of wherein 
the security token is one of a password, a network address, and a verification string (see Killian 
column 14, lines 52-64). 

Claims 167-173 are similar to the rejected claims 1 09-1 1 5 respectively except for 
incorporating the claimed methods into a computer program. Therefore, 109-1 15 are rejected on 
the same rationale as the rejection of claims 167-173. 
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4. Claims 116-119 are rejected under 35 U.S.C 103(a) as being unpatentable over US 
Patent 6,064,671 to Killian in view of US Patent 6,643,701 to Aziz et ai as applied to claims 
107-115 and further in view of US Patent 6, 1 04,7 1 6 to Crichton et ai. 

As per claims 116-119, Killian discloses a protocol daemon that can create network 
connections (column 21, lines 24-30 and lines 45-52) and discloses the first program providing a 
security token (see column 22, lines 8-20) but does not explicitly disclose the protocol daemon 
couples the first connection to the second connection. Aziz et al discloses a relay program for 
relaying first connection with second connection (see abstract and column 9, lines 30-39), either 
the client, the server, or the relay may be a protocol daemon (see column 6, lines 4-6), but does 
not explicitly disclose a second connection connecting the protocol daemon to the first program. 
Crichton et al in an analogous art teaches using a client proxy for communicating with a client 
and with a middle proxy and coupling the connections to provide end-to-end connections 
through firewalls (column 2, lines 26-52). Crichton et al also discloses the client and the proxy 
can reside on the same machine (column 6, lines 15-24). Crichton et al also discloses that the 
functionality of end proxies that meets the recitation of protocol daemon can be increased to 
allow for other protocols and services, for example one end proxy could provide both client and 
server end proxy functionality (column 5, lines 41-45). Crichton et al discloses one end proxy 
could provide both client and server end proxy functionality (column 5, lines 41-45). This 
means if the first program represents an application server an in-bound connection is created "a 
server end-proxy can connect to an inside X-Windows system server and a middle proxy" 
(column 5, lines 32-35). Applicant's specification discloses the same (on page 9, lines 9-15) 
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program 135 (first program) requires an in-bound connection (e.g. where program 135 is an 
application server) ... such functionality is provided by a daemon running on computer 105. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the proxy or protocol daemon disclosed in Killian and Aziz et al as 
combined above to provide a protocol daemon program that does the creating of the first 
connection as well as the second connection and coupling the first and second connections thus 
increasing the functionality of end proxy to allow for other protocols and services as suggested 
by Crichton et al (see column 5, lines 32-45). One skilled in the art would have been lead to 
make such a modification and recognizes the advantage of using an end proxy that could provide 
both client and server end proxy functionality as this increase of functionality would allow for 
more protocols and services as suggested by Crichton et al (see column 5, lines 41-45). 

5. Claims 120-124, 128-130, 140-144, and 174-178 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over US Patent 6,643,701 to Aziz et al in view of US Patent 6,104,716 to 
Crichton et al. 

As per claim 120, Aziz et al discloses a method comprising: receiving from a client or 
first computer (first program) a first security token through handshaking (see column 5, lines 57- 
61 and column 8, lines 33-37) similar to the one described in fig. 1 (see column 1, line 55 
through column 2, line 36) that meets the recitation of receiving a first security token from the 
first program; 
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creating a second connection between relay and server (see column 8, lines 17-19 and 
column 10, lines 61-62) that meets the recitation of creating a second connection to a relay 
program; 

providing the first security token to the relay program, for example (see column 5, lines 
10-13 and column 9, lines 3-5); and upon successful creation of the second connection, coupling 
the first connection to the second connection, for example(see column 8, lines 50-65). 

Aziz et al does not explicitly disclose creating a first connection to a first program. 
Crichton et al in an analogous art teaches using a client proxy for communicating with a client 
and with a middle proxy and coupling the connections to provide end-to-end connections 
through firewalls (column 2, lines 26-52). Crichton et al also discloses the client and the proxy 
can reside on the same machine (column 6, lines 15-24). Crichton et al also discloses that the 
functionality of end proxies that meets the recitation of protocol daemon can be increased to 
allow for other protocols and services, for example one end proxy could provide both client and 
server end proxy functionality (column 5 5 lines 41-45). Crichton et al discloses one end proxy 
could provide both client and server end proxy functionality (column 5, lines 41-45). This 
means if the first program represents an application server an in-bound connection is created "a 
server end-proxy can connect to an inside X-Windows system server and a middle proxy" 
(column 5, lines 32-35). Applicant's specification discloses the same (on page 9, lines 9-15) 
program 135 (first program) requires an in-bound connection (e.g. where program 135 is an 
application server) . . . such functionality is provided by a daemon running on computer 105. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify Aziz et al to provide a protocol daemon program that does the creating of 
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the first connection to a first program as well as the second connection and coupling the first and 
second connections thus increasing the functionality of end proxy to allow for other protocols 
and services as suggested by Crichton et al (see column 5, lines 32-45). One skilled in the art 
would have been lead to make such a modification and recognizes the advantage of using an end 
proxy that could provide both client and server end proxy functionality as this increase of 
functionality would allow for more protocols and services as suggested by Crichton et al (see 
column 5, lines 41-45). 

As per claim 121, the references as combined above disclose the limitation of wherein 
the second connection is transmitted through a firewall program (see Crichton et al, fig. 4). 
Claim 121 is rejected on the same rationale as the rejection of claim 120. 

As per claim 122, the references as combined above disclose relaying a data stream 
between the first connection and the second connection (see Aziz et al, column 8, lines 50-65). 

As per claim 123, the references as combined above disclose wherein the first security 
token is one of a password, a network address, and a verification string (see Aziz et al, column 9, 
lines 3-5). 

As per claim 124, the references as combined above disclose terminating the first 
connection and the second connection (see Aziz et al, column 8, lines 48-49). 
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As per claims 128-130, Aziz et al discloses receiving a first security token from the first 
program (see column 5, lines 57-61 and column 8, lines 33-37; providing the first security token 
to the relay program, for example (see column 5, lines 10-13 and column 9, lines 3-5) a relay 
program for relaying first connection with second connection (see abstract and column 9, lines 
30-39 and column 8, lines 50-65), and further discloses either the client, the server, or the relay 
may be a protocol daemon and may be incorporated in one or more machines (see column 6, 
lines 4-6). Aziz et al does not explicitly disclose a protocol daemon does the creating the first 
connection, the creating the second connection. Crichton et al in an analogous art teaches using 
a client proxy for communicating with a client and with a middle proxy and coupling the 
connections to provide end-to-end connections through firewalls (column 2, lines 26-52). 
Crichton et al also discloses the client and the proxy can reside on the same machine (column 6, 
lines 15-24). Crichton et al also discloses that the functionality of end proxies that meets the 
recitation of protocol daemon can be increased to allow for other protocols and services, for 
example one end proxy could provide both client and server end proxy functionality (column 5, 
lines 41-45). Crichton et al discloses the protocol daemon creating connection as explained in 
claim 12 above. Claims 128-130 are rejected on the same rationale as the rejection of claim 120 
above. 

As per claim 140, Aziz et al discloses an apparatus comprising: a relay (220 and 440, 
figures 2 and 4) having means for receiving from a client or first computer (first program) a first 
security token through handshaking (see column 5, lines 57-61 and column 8, lines 33-37) 
similar to the one described in fig. 1 (see column 1, line 55 through column 2, line 36) that 
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meets the recitation of means for receiving a first security token from the first program (column 
5, lines 18-20); 

the relay (220 and 440, figures 2 and 4) having means for creating a second connection 
between relay and server (see column 8, lines 17-19 and column 10, lines 61-62) that meets the 
recitation of means for creating a second connection to a relay program; 

means for providing the first security token to the relay program, for example (see 
column 5, lines 10-13 and column 9, lines 3-5); and upon successful creation of the second 
connection, means for coupling the first connection to the second connection, for example(see 
column 8, lines 50-65). 

Aziz et al does disclose that the relay may be used as a daemon (column 6, lines 4-6) but 
is silent about means for creating a first connection to a first program, Crichton et al in an 
analogous art teaches using a client proxy for communicating with a client and with a middle 
proxy and coupling the connections to provide end-to-end connections through firewalls (column 
2, lines 26-52). Crichton et al also discloses the client and the proxy can reside on the same 
machine (column 6, lines 15-24). Crichton et al also discloses that the functionality of end 
proxies that meets the recitation of protocol daemon can be increased to allow for other protocols 
and services, for example one end proxy could provide both client and server end proxy 
functionality (column 5, lines 41-45). Crichton et al discloses one end proxy could provide 
both client and server end proxy functionality (column 5, lines 41-45). This means if the first 
program represents an application server an in-bound connection is created "a server end-proxy 
can connect to an inside X-Windows system server and a middle proxy" (column 5, lines 32-35). 
Applicant's specification discloses the same (on page 9, lines 9-15) program 135 (first program) 
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requires an in-bound connection (e.g. where program 135 is an application server) ... such 
functionality is provided by a daemon running oh computer 105. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify Aziz et al 
to provide a protocol daemon program that does the creating of the first connection to a first 
program as well as the second connection and coupling the first and second connections thus 
increasing the functionality of end proxy to allow for other protocols and services as suggested 
by Crichton et al (see column 5, lines 32-45). One skilled in the art would have been lead to 
make such a modification and recognizes the advantage of using an end proxy that could provide 
both client and server end proxy functionality as this increase of functionality would allow for 
more protocols and services as suggested by Crichton et al (see column 5, lines 41-45). 

As per claim 141, the references as combined above disclose means for transmitting the 
second connection through a firewall program (see Crichton et al, fig. 4). Claim 141 is rejected 
on the same rationale as the rejection of claim 140. 

As per claim 142, the references as combined above disclose a relay having means for 
relaying a data stream between the first connection and the second connection (see Aziz et al, 
column 8, lines 50-65). 

As per claim 143, the references as combined above disclose wherein the first security 
token is one of a password, a network address, and a verification string (see Aziz et al, column 9, 
lines 3-5). 
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As per claim 144, the references as combined above disclose means for terminating the 
first connection and the second connection (see Aziz et al, column 8, lines 48-49). 

Claims 174-178 contain the same limitations as claims 120-124 respectively except for 
incorporating the claimed method into a computer program. Therefore, 174-178 are rejected on 
the same rationale as the rejection of claims 120-124. 

6. Claims 125-127, 145-147, and 179-181 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent 6,643,701 to Aziz et al in view of US Patent 6,104,716 to Crichton 
et al. as applied to claims 120-124, 140-144, and 174-178 and further in view of US Patent 
6,064,671 to Killian. 

As per claims 125-127, Crichton et al discloses that the functionality of end proxies that 
meets the recitation of protocol daemon can be increased to allow for other protocols and 
services, for example one end proxy could provide both client and server end proxy functionality 
(column 5, lines 41-45) that meets the recitation of claim 126. Aziz et al discloses a relay that 
compares the first security token of the client with stored tokens to perform authentication and in 
response to a match (i.e. the client's password matches the stored password), coupling the second 
connection (connection between relay and server) to the first connection which matches the 
stored security token (see column 12, lines 8-21; column 7, line 65 through column 8, line 1; 
column 2, lines 11-15). Aziz et al does not explicitly disclose including the second connection 
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with one or more corresponding connections in response to no match. Killian in an analogous 
art teaches providing a plurality of sockets in a socket table or array, wherein each socket 
normally represents a connection (i.e. has an associated connection) and each socket has an 
associated network port and network IP address (see column 14, lines 52-64 and column 15, 
lines 60-67 and column 5, lines 15-22). Killian further discloses means for comparing the 
network address with the associated network addresses for a match in the socket table (see 
column 16, lines 6-12 and fig. 3) that meets the recitation of comparing the first security token 
with the associated security tokens; in response to said comparing if none of the associated 
security tokens match the first security token (see column 16, lines 17-20), including the socket 
in the plurality of sockets (see column 16, lines 25-28). Killian also suggests handshaking 
including use of password (see column 22, lines 3-1 1). Therefore, it would have been obvious to 
one of ordinary skill in the art at the time the invention was made to modify the method as 
combined above to associate the connections with a security token and create new entry in the 
table in response to no match because it would allow to keep track on the traffic on the network 
which provides an advantage in load balancing as suggested by Aziz et al (see column 9, lines 
31-35 and lines 42-48). 

As per claims 145-147, Crichton et al discloses that the functionality of end proxies that 
meets the recitation of protocol daemon can be increased to allow for other protocols and 
services, for example one end proxy could provide both client and server end proxy functionality 
(column 5, lines 41-45) that meets the recitation of claim 146. Aziz et al discloses a relay with 
means for comparing the first security token of the client with stored tokens to perform 
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authentication and in response to a match (i.e. the client's password matches the stored 
password), means for coupling the second connection (connection between relay and server) to 
the first connection which matches the stored security token (see column 12, lines 8-21; column 
7, line 65 through column 8, line 1; column 2, lines 11-15). Aziz et al does not explicitly 
disclose including the second connection with one or more corresponding connections in 
response to no match. Killian in an analogous art teaches means for providing a plurality of 
sockets in a socket table or array, wherein each socket normally represents a connection (i.e. has 
an associated connection) and each socket has an associated network port and network IP address 
(see column 14, lines 52-64 and column 15, lines 60-67 and column 5, lines 15-22). Killian 
further discloses means for comparing the network address with the associated network 
addresses for a match in the socket table (see column 16, lines 6-12 and fig. 3) that meets the 
recitation of means for comparing the first security token with the associated security tokens; in 
response to said comparing if none of the associated security tokens match the first security 
token (see : column 16, lines 17-20), means for including the socket in the plurality of sockets (see 
column 16, lines 25-28). Killian also suggests handshaking including use of password (see 
column 22, lines 3-11). Therefore, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify the method as combined above to associate the 
connections with a security token and create new entry in the table in response to no match 
because it would allow to keep track on the traffic on the network which provides an advantage 
in load balancing as suggested by Aziz et al (see column 9 S lines 31-35 and lines 42-48). 
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Claims 179-181 contains the same limitations as claims 125-127 respectively except for 
incorporating the claimed method into a computer program. Therefore, 179-181 are rejected on 
the same rationale as the rejection of claims 125-127. 
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